Apply Change-Centric Causal Analysis to Quickly Fix Problems (Part 2)
This article is part of a five-part series on how unauthorized changes remain the bane of today's IT operations, regardless of advances in technology, and why automated change detection is critical for addressing them.
- Unauthorized Changes Still Undermine Modern Environments
- Apply Change-Centric Causal Analysis to Quickly Fix Problems
- Detect Unauthorized Changes Automatically
- Empower the Service Desk to Prevent Incidents
- Know What Changed to Stop Outages
According to industry reports, as much as 95% of issues are caused by change (configuration, data, capacity, workload, code, etc.). Something has to change for an incident to occur. Therefore, by identifying what changed and when the change occurred, IT can be alerted early on to the risk of an incident.
Moreover, even designated personnel often cannot verify what they're actually doing, so unauthorized changes still get deployed into environments. While tools such as CyberArk allow IT Operations to control privileges, the problem remains that it's impossible to know what users actually did.
Unauthorized Change at Fault for Root Cause Analysis Time
The biggest challenge for Root Cause Analysis (RCA) is the time required to locate the root cause. Unfortunately, it's been shown that unauthorized change is predominantly at fault in most RCA. Once the root cause is accurately identified, it is relatively easy to fix. The current problem, however, is knowing exactly what changed and how to get to the causal ID in order to fix the problem.
Leverage Early Detection of True Root Cause to Slash RCA Time
Evolven tracks and correlates changes. This gives IT Operations the ability to significantly slash the time required for RCA. By quickly finding out what changed, the root cause can be reached and the issue promptly resolved.
In this example, through Evolven’s integrated view of alerts, changes are identified at the top. Here there is an APM alert for an on-demand loan that's slowing down.
At the same time there is a Splunk alert from a Tomcat001 device that shows disk space is running low.
By applying Evolven’s analysis and analytics to changes, one can immediately see that there is an unauthorized change.
It appears that overnight somebody turned on the debug plug. The interface shows the incident happened on Tomcat001 while both 002 and 003 servers remained in a normal state.
With this level of detail from Evolven, one can very quickly see the location to go to for the fix.
To sum up this example:
- There was an alert
- The change was identified
- The area that needed to be fixed was also quickly identified
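The triage in this example can be sketched in code. The following is an added illustration, not Evolven's implementation or code from the article: it ranks recent changes on the alerting host, weighting changes with no approval ticket and values that differ from the rest of the fleet. The change records, configuration keys, ticket IDs and timestamps are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed change records: (host, time, key, old, new, approved ticket or None).
# Host names follow the article; keys, values and ticket IDs are hypothetical.
CHANGES = [
    ("tomcat001", "2024-03-01T10:00", "jvm.heap_mb", "2048", "4096", "CHG-1001"),
    ("tomcat001", "2024-03-03T22:00", "connector.max_threads", "200", "250", "CHG-1002"),
    ("tomcat002", "2024-03-03T22:04", "connector.max_threads", "200", "250", "CHG-1002"),
    ("tomcat003", "2024-03-03T22:08", "connector.max_threads", "200", "250", "CHG-1002"),
    ("tomcat001", "2024-03-04T02:13", "debug.enabled", "false", "true", None),
]
# Constructed current configuration per host, as a change tracker would hold it.
STATE = {
    "tomcat001": {"jvm.heap_mb": "4096", "connector.max_threads": "250", "debug.enabled": "true"},
    "tomcat002": {"jvm.heap_mb": "4096", "connector.max_threads": "250", "debug.enabled": "false"},
    "tomcat003": {"jvm.heap_mb": "4096", "connector.max_threads": "250", "debug.enabled": "false"},
}

def peer_drift(host, key, state):
    """True when the host's value differs from the most common value in the fleet."""
    # A tie (for example a two-host fleet) resolves to the first value seen.
    values = Counter(cfg.get(key) for cfg in state.values())
    return state[host].get(key) != values.most_common(1)[0][0]

def rank_suspects(alert_host, alert_time, changes, state, lookback=timedelta(hours=24)):
    """Rank changes on the alerting host inside the lookback window before the alert."""
    alert_ts = datetime.fromisoformat(alert_time)
    suspects = []
    for host, ts, key, old, new, ticket in changes:
        when = datetime.fromisoformat(ts)
        if host != alert_host or not (alert_ts - lookback <= when <= alert_ts):
            continue
        drift = peer_drift(host, key, state)
        # Unauthorized changes weigh most; drift from the fleet adds to the score.
        score = (2 if ticket is None else 0) + (1 if drift else 0)
        suspects.append({"key": key, "old": old, "new": new, "when": ts,
                         "unauthorized": ticket is None, "drift": drift, "score": score})
    # Highest score first; ties broken by most recent change.
    return sorted(suspects, key=lambda s: (s["score"], s["when"]), reverse=True)

if __name__ == "__main__":
    # Constructed alert: low disk space reported for tomcat001 the next morning.
    for s in rank_suspects("tomcat001", "2024-03-04T08:32", CHANGES, STATE):
        print(s)
```

An approved change that was rolled out to all three servers stays at the bottom of the list, while the overnight change that exists only on tomcat001 and has no ticket ranks first.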
Instead of going through a long, grueling process that costs the business operational value and commercial brand, this issue can be resolved rapidly and efficiently with Evolven.